- LockBit ransomware group has suffered a data breach and its new ransomware version LockBit 3.0 builder was published online.
- Their servers were hacked by unknown people who stole LockBit 3.0 builder and then shared it on Twitter.
- The builder file was circulated on GitHub and some social media platforms; security researchers, criminals, and curious people could investigate the builder.
LockBit ransomware servers were hacked by unknown people who stole the builder of LockBit 3.0/Black builder and then published the builder file on GitHub and Twitter. The same ransomware gang was also the victim of a DDoS attack, which was most likely deployed by one of its victims.
Criminals have their insider criminals too
The builder for LockBit’s new version LockBit 3.0 or LockBit Black had been tested for two months before its release and launched the final version in June. The ransomware had been released with a bug bounty program that contained high rewards for the bounty hunters.
Recently, malware and cybercrime researcher 3xp0rt posted on Twitter that an unknown person ”ali_qushji” claimed his team hacked the LockBit servers and discovered the possible builder of LockBit Black (3.0) ransomware. The same person put the builder data on the GitHub repository.
The news was circulated on social media and many users got the leaked builder file. It was immediately forked 129 times on Github. On the other hand, VX-Underground informed that they were contacted by a user named ‘protonleaks,’ who had shown them a copy of the builder at the beginning of September. It is not clear whether protonleaks and ali_gushji are the same people.
LockBit responded to hacking news and denied that its servers were hacked. The criminal group claimed that the leak was made by an annoyed developer who was unhappy with LockBit’s leadership.
LockBit's comment on this situation: Nothing was hacked, just fired the programmer.
— 3xp0rt (@3xp0rtblog) September 21, 2022
This leak will likely allow the security research community to analyze and explore LockBit 3.0/Black builder software, and make them prepare for new threats and ransomware operations better.